-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1024
        CA20130725-01: Security Notice for CA Service Desk Manager
                               29 July 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          CA Service Desk Manager
Publisher:        Computer Associates
Operating System: Windows
                  AIX
                  Linux variants
                  Solaris
Impact/Access:    Cross-site Scripting -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2013-2630

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----

CA20130725-01: Security Notice for CA Service Desk Manager

Issued: July 25, 2013

CA Technologies Support is alerting customers to a potential risk
with CA Service Desk Manager. A vulnerability exists that can allow a
remote attacker to conduct cross-site scripting attacks. CA
Technologies published patches to address the vulnerability.

The vulnerability, CVE-2013-2630, occurs due to insufficient
verification of URL query string parameters. An attacker, who can
have an unsuspecting user follow a carefully constructed URL, may
perform various cross-site scripting attacks.

Risk Rating

Medium

Platform

Windows, Sun, AIX, Linux

Affected Products

CA Service Desk Manager 12.5
CA Service Desk Manager 12.6
CA Service Desk Manager 12.7

How to determine if the installation is affected

Steps to identify the Service Desk Manager version and whether the
relevant patch is installed:

1. Navigate to the $NX_ROOT directory on the Service Desk server.

Note: NX_ROOT points to the Service Desk Manager installation
directory which by default is
"C:\Program Files\CA\Service Desk Manager" for Windows or
"/opt/CAisd/" for Sun Solaris, AIX, and Linux.

2. Identify the Service Desk Manager application version using
the following steps:

a. Navigate to the "$NX_ROOT\pdmconf\" directory for Windows or
"$NX_ROOT/pdmconf/" for Sun Solaris, AIX, and Linux.
b. Locate the file with the name "version" and open it with a text
editor.
c. The version of Service Desk Manager can be noted from the file
(Example: Version r12.6).

3. Locate the file <machine_name>.his under $NX_ROOT directory.

Note: The file may not exist if the Service Desk Manager server is
unpatched.

4. Open the file with a text editor and locate the patch based on the
matrix below for the corresponding Service Desk Manager version
and operating system:

R12.5:
WINDOWS: RO59355
LINUX: RO59356
SUN: RO61158
AIX: RO61159

R12.6:
WINDOWS: RO59358
LINUX: RO59359
SUN: RO59360
AIX: RO59362

R12.7:
WINDOWS: RO59560
LINUX: RO59365
SUN: RO59366
AIX: RO59367

An example entry found in the history file:

[DATE] - PTF Wizard installed RO59355 (USRD) RELEASE=12.7

5. If the corresponding patch is not installed, then the installation
might be vulnerable.
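The five steps above can be scripted so that an administrator checks a fleet of servers consistently. The following Python is an added example, not part of the CA notice or of CA Service Desk Manager: it embeds the patch matrix from the notice, reads "pdmconf/version" and the "<machine_name>.his" history file under $NX_ROOT, and treats a missing history file as "no patch installed", as the notice says that file may be absent on an unpatched server. The sample version and history text at the bottom is constructed for illustration (the PTF id RO12345 is a made-up unrelated fix), and the file-reading helper check_install assumes the default layout the notice describes.

```python
import glob
import os
import re

# Patch matrix as published in CA20130725-01 (version -> platform -> PTF id).
PATCHES = {
    "12.5": {"WINDOWS": "RO59355", "LINUX": "RO59356", "SUN": "RO61158", "AIX": "RO61159"},
    "12.6": {"WINDOWS": "RO59358", "LINUX": "RO59359", "SUN": "RO59360", "AIX": "RO59362"},
    "12.7": {"WINDOWS": "RO59560", "LINUX": "RO59365", "SUN": "RO59366", "AIX": "RO59367"},
}

# "Version r12.6" or a bare "12.6" in pdmconf/version.
VERSION_RE = re.compile(r"\br?(\d+\.\d+)\b")
# "[DATE] - PTF Wizard installed RO59355 (USRD) RELEASE=12.7" in the .his file.
PTF_RE = re.compile(r"PTF Wizard installed (RO\d+)")


def parse_version(version_text):
    """Return e.g. '12.6' from the contents of $NX_ROOT/pdmconf/version."""
    m = VERSION_RE.search(version_text)
    return m.group(1) if m else None


def installed_ptfs(history_text):
    """Return the set of PTF ids recorded in a <machine_name>.his file (None -> empty)."""
    return set(PTF_RE.findall(history_text or ""))


def assess(version_text, history_text, platform):
    """Classify an install as 'patched', 'possibly-vulnerable', 'not-listed'
    or 'unknown-platform'.

    history_text may be None: the notice says the .his file does not exist on
    an unpatched server, so a missing file counts as no patch installed.
    """
    version = parse_version(version_text)
    if version not in PATCHES:
        return "not-listed"  # release not covered by this notice
    required = PATCHES[version].get(platform.upper())
    if required is None:
        return "unknown-platform"
    if required in installed_ptfs(history_text):
        return "patched"
    return "possibly-vulnerable"


def check_install(nx_root, platform):
    """Apply the notice's steps to a live install rooted at nx_root (assumed layout)."""
    version_path = os.path.join(nx_root, "pdmconf", "version")
    with open(version_path, encoding="utf-8", errors="replace") as f:
        version_text = f.read()
    his_files = glob.glob(os.path.join(nx_root, "*.his"))
    history_text = None
    if his_files:
        with open(his_files[0], encoding="utf-8", errors="replace") as f:
            history_text = f.read()
    return assess(version_text, history_text, platform)


# Constructed sample input (not taken from a real server).
SAMPLE_VERSION = "Version r12.6\n"
SAMPLE_HISTORY = (
    "[2013-07-26 10:12:03] - PTF Wizard installed RO59359 (USRD) RELEASE=12.6\n"
    "[2013-07-26 10:15:41] - PTF Wizard installed RO12345 (USRD) RELEASE=12.6\n"
)

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_HISTORY, "linux"))    # patched
    print(assess(SAMPLE_VERSION, SAMPLE_HISTORY, "windows"))  # possibly-vulnerable
    print(assess(SAMPLE_VERSION, None, "linux"))              # possibly-vulnerable
```

On a real server, call check_install with the $NX_ROOT path and the platform name used in the matrix ("WINDOWS", "LINUX", "SUN" or "AIX"); a result of "possibly-vulnerable" means the PTF for that version and platform is not recorded in the history file and the patch from the Solution section should be applied.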

Solution

CA Technologies published the following patches to address the
vulnerability.

CA Service Desk Manager 12.5 Windows:
RO59355

CA Service Desk Manager 12.5 Sun:
RO61158

CA Service Desk Manager 12.5 AIX:
RO61159

CA Service Desk Manager 12.5 Linux:
RO59356

CA Service Desk Manager 12.6 Windows:
RO59358

CA Service Desk Manager 12.6 Sun:
RO59360

CA Service Desk Manager 12.6 AIX:
RO59362

CA Service Desk Manager 12.6 Linux:
RO59359

CA Service Desk Manager 12.7 Windows:
RO59560

CA Service Desk Manager 12.7 Sun:
RO59366

CA Service Desk Manager 12.7 AIX:
RO59367

CA Service Desk Manager 12.7 Linux:
RO59365

CA20130725-01: Security Notice for CA Service Desk Manager
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg

References

CVE-2013-2630

Acknowledgement

CVE-2013-2630 - Puneeth Kumar R

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at http://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team:
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg

Regards,

Kevin Kotas
Director, CA Technologies Product Vulnerability Response Team

Copyright (c) 2013 CA. All Rights Reserved. One CA Plaza, Islandia,
N.Y. 11749. All other trademarks, trade names, service marks, and
logos referenced herein belong to their respective companies.

- -----BEGIN PGP SIGNATURE-----
Charset: utf-8

wsBVAwUBUfGmaZI1FvIeMomJAQEIJwf/dJHMhnStmOckkTcQSBZt/Txhy+kIF51/
v7yeeSmCsNpaCtxLg6noxDSPRa3hB4owRNL2qU9Bfst8FVvpX1CyF7El+S3XqgHg
thYFmlWbvmJr30G7saw6fsLRsQpjG1m4zAb518Csy2L1+MnoH1discqvzmlH5kkD
VfhuPBuTpuhbMiwBwbmojm5nXQoBssZIKTneYYn3TUf0MvRH4KtopPgAqcB/BxmY
x7tc9pD2tJpyjJQ/WFAOZMxoaaP9oBXlbf8b2Plqh2lkmxtZTD8KppngwMXhce6s
kqTuHuUk1IMLPhXDeIgXQHN6HaQKshGqYBUJEv18oKDYY5ZlD3Scsg==
=KV9p
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----